AWS IAM password policy does not have a minimum of 14 characters
Description
Password policies are used to enforce the creation and use of password complexity. Your IAM password policy should be set for passwords to require the inclusion of different character types. The password policy should enforce passwords contain a minimum of 14 characters, this increases security, especially from a brute force attack.
Code Example
resource "aws_iam_account_password_policy" "strict" {
...
+ minimum_password_length = 14
}Remediation
- AWS Console*
To change the password policy in the AWS Console you will need appropriate permissions to View Identity Access Management Account Settings. To manually set the password policy with a minimum length, follow these steps:
. Log in to the AWS Management Console as an * IAM user* at https://console.aws.amazon.com/iam/.
. Navigate to * IAM Services*.
. On the Left Pane click * Account Settings*.
. Set * Minimum password length* to 14 or greater.
. Click * Apply password policy*.
- CLI Command*
To change the password policy, use the following command: [,bash]
aws iam update-account-password-policy --minimum-password-length 14
NOTE: All commands starting with * aws iam update-account-password-policy* can be combined into a single command.
=== Fix - Buildtime
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0064 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_10 |